Network Monitor – Ntop

Ntop is a network traffic monitor that shows the network usage. It display a list of hosts that are currently using the network and reports information concerning the (IP and non-IP) traffic generated and received by each host. It is similar to what the popular top Unix command does.

Ntop may operate as a front-end collector (sFlow and / or netFlow plugins) or as a stand alone collector/display program. A web browser is needed to access the information captured by the ntop program. The ntop users can navigate through ntop (that acts as a web server) traffic information and get a dump of the network status. It looks like an agent with an embedded web interface.

Ntop needs a limited configuration and administration via the web interface, reduced CPU and memory usage. It’s easy to use and suitable for monitoring various kind of networks.

What ntop can do for me?

Sort network traffic according to many protocols

Show network traffic sorted according to various criteria

Display traffic statistics

Store on disk persistent traffic statistics in RRD format

Identify the identity (e.g. email address) of computer users

Passively (I.e. without sending probe packets) identify the host OS

Show IP traffic distribution among the various protocols

Analyse IP traffic and sort it according to the source /destination

Display IP Traffic Subnet matrix (who’s talking to who?)

Report IP protocol usage sorted by protocol type

Act as a NetFlow / sFlow collector for flows generated by routers

Produce RMON – like network traffic statistics

It has been developed by Luca Deri, and Italian research scientist and network manager at University of Pisa.